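/**
 * Builds a JAAS {@link Subject} that carries exactly one principal and no credentials.
 *
 * <p>The principal is produced by {@code createPrincipal(name)}, a helper defined elsewhere in
 * this class. The subject is constructed with {@code readOnly = true}, so its principal and
 * credential sets cannot be modified after this method returns.
 *
 * @param name identity the single principal is created from
 * @return a read-only subject holding that one principal and empty credential sets
 */
private Subject createSubject(String name) {
    Set<Principal> principals = new HashSet<>();
    principals.add(createPrincipal(name));

    // Typed empty sets instead of raw HashSet: same runtime behaviour, no unchecked warnings.
    Set<Object> publicCredentials = new HashSet<>();
    Set<Object> privateCredentials = new HashSet<>();

    return new Subject(true, principals, publicCredentials, privateCredentials);
}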
/**
 * Checks {@link SimpleACLAuthorizer} decisions against the nimbus-level ACL lists.
 *
 * <p>The cluster configuration names one admin ("admin"), one supervisor user ("supervisor")
 * and one nimbus user ("user-a"). The test then asserts:
 * <ul>
 *   <li>"user-a" is permitted to call {@code submitTopology};</li>
 *   <li>"user-b", who appears in none of the lists, is denied {@code submitTopology};</li>
 *   <li>"admin" is permitted to call {@code fileUpload};</li>
 *   <li>"supervisor" is permitted to call {@code fileDownload}.</li>
 * </ul>
 *
 * <p>NOTE(review): the only deny case covered here is the unlisted user. There is no assertion
 * that the supervisor identity is refused operations outside its intended set, so an
 * over-broad supervisor grant would not be caught by this test.
 */
@Test
public void SimpleACLNimbusUserAuthTest() {
    Map<String, Object> conf = ConfigUtils.readStormConfig();

    // Nimbus-level ACL lists under test.
    Collection<String> admins = new HashSet<>(Arrays.asList("admin"));
    Collection<String> supervisors = new HashSet<>(Arrays.asList("supervisor"));
    Collection<String> nimbusUsers = new HashSet<>(Arrays.asList("user-a"));
    conf.put(Config.NIMBUS_ADMINS, admins);
    conf.put(Config.NIMBUS_SUPERVISOR_USERS, supervisors);
    conf.put(Config.NIMBUS_USERS, nimbusUsers);

    IAuthorizer acl = new SimpleACLAuthorizer();

    Subject admin = createSubject("admin");
    Subject supervisor = createSubject("supervisor");
    Subject listedUser = createSubject("user-a");
    Subject unlistedUser = createSubject("user-b");

    acl.prepare(conf);

    // Listed nimbus user may submit; a user absent from every list may not.
    boolean listedMaySubmit = acl.permit(new ReqContext(listedUser), "submitTopology", new HashMap<>());
    Assert.assertTrue(listedMaySubmit);
    boolean unlistedMaySubmit = acl.permit(new ReqContext(unlistedUser), "submitTopology", new HashMap<>());
    Assert.assertFalse(unlistedMaySubmit);

    // Privileged identities: admin upload, supervisor download.
    boolean adminMayUpload = acl.permit(new ReqContext(admin), "fileUpload", new HashMap<>());
    Assert.assertTrue(adminMayUpload);
    boolean supervisorMayDownload = acl.permit(new ReqContext(supervisor), "fileDownload", new HashMap<>());
    Assert.assertTrue(supervisorMayDownload);
}
/**
 * Checks that membership in a topology read-only group grants read access but not control
 * operations.
 *
 * <p>The cluster configuration installs {@code SimpleACLTopologyReadOnlyGroupAuthTestMock} as
 * the group-mapping plugin, and the topology configuration lists "group-readonly" under
 * {@code Config.TOPOLOGY_READONLY_GROUPS}. The test asserts:
 * <ul>
 *   <li>"user-in-readonly-group" is denied {@code killTopology} but permitted
 *       {@code getTopologyInfo};</li>
 *   <li>"user-b" is denied both operations.</li>
 * </ul>
 *
 * <p>NOTE(review): the mock is presumably what places "user-in-readonly-group" into
 * "group-readonly"; confirm against the mock class, which is not visible here.
 */
@Test
public void SimpleACLTopologyReadOnlyGroupAuthTest() {
    Map<String, Object> conf = ConfigUtils.readStormConfig();
    String groupPlugin = SimpleACLTopologyReadOnlyGroupAuthTestMock.class.getName();
    conf.put(Config.STORM_GROUP_MAPPING_SERVICE_PROVIDER_PLUGIN, groupPlugin);

    // Per-topology ACL: only the read-only group is configured.
    Map<String, Object> topologyAcl = new HashMap<>();
    Collection<String> readOnlyGroups = new HashSet<>(Arrays.asList("group-readonly"));
    topologyAcl.put(Config.TOPOLOGY_READONLY_GROUPS, readOnlyGroups);

    Subject groupMember = createSubject("user-in-readonly-group");
    Subject outsider = createSubject("user-b");

    IAuthorizer acl = new SimpleACLAuthorizer();
    acl.prepare(conf);

    // A control operation must be refused for both identities.
    boolean memberMayKill = acl.permit(new ReqContext(groupMember), "killTopology", topologyAcl);
    Assert.assertFalse(memberMayKill);
    boolean outsiderMayKill = acl.permit(new ReqContext(outsider), "killTopology", topologyAcl);
    Assert.assertFalse(outsiderMayKill);

    // A read operation is allowed only for the read-only group member.
    boolean memberMayRead = acl.permit(new ReqContext(groupMember), "getTopologyInfo", topologyAcl);
    Assert.assertTrue(memberMayRead);
    boolean outsiderMayRead = acl.permit(new ReqContext(outsider), "getTopologyInfo", topologyAcl);
    Assert.assertFalse(outsiderMayRead);
}
Subject adminUser = createSubject("admin"); Subject supervisorUser = createSubject("supervisor"); Subject userA = createSubject("user-a"); Subject userB = createSubject("user-b");
topoConf.put(Config.TOPOLOGY_READONLY_USERS, topologyReadOnlyUserSet); Subject userA = createSubject("user-a"); Subject userB = createSubject("user-b"); Subject readOnlyUser = createSubject("user-readonly");